Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
5095e72a
Commit
5095e72a
authored
Mar 21, 2011
by
Mark Andrews
Browse files
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
parent
653cad79
Changes
6
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
5095e72a
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
...
...
bin/tests/system/dnssec/ns2/named.conf
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
3
4
201
0
/
11
/
16
01
:
14
:
51
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
3
5
201
1
/
03
/
21
01
:
02
:
39
marka
Exp
$ */
//
NS2
...
...
@@ -33,6 +33,7 @@ options {
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
notify
-
delay
1
;
};
zone
"."
{
...
...
@@ -95,4 +96,10 @@ zone "algroll" {
file
"algroll.db.signed"
;
};
zone
"nsec3chain-test"
{
type
master
;
file
"nsec3chain-test.db.signed"
;
allow
-
update
{
any
;};
};
include
"trusted.conf"
;
bin/tests/system/dnssec/ns2/sign.sh
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.4
7
2011/03/
05 06:35:41
marka Exp $
# $Id: sign.sh,v 1.4
8
2011/03/
21 01:02:39
marka Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -162,3 +162,21 @@ keynew2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat
$infile
$keynew1
.key
$keynew2
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-o
$zone
-k
$keyold1
-k
$keynew1
$zonefile
$keyold1
$keyold2
$keynew1
$keynew2
>
/dev/null
#
#
#
zone
=
nsec3chain-test
zonefile
=
nsec3chain-test.db.signed
cat
>
$zonefile
<<
EOF
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
@ 10 NS ns2
@ 10 NS ns3
ns2 10 A 10.53.0.2
ns3 10 A 10.53.0.3
EOF
awk
'END { for (i = 0; i < 1000; i++)
print "host" i, 10, "NS", "ns.elsewhere"; }'
< /dev/null
>>
$zonefile
k
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
-fk
$zone
`
k
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
bin/tests/system/dnssec/ns3/named.conf
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
4
5
2011
/
03
/
05
06
:
35
:
41
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
4
6
2011
/
03
/
21
01
:
02
:
39
marka
Exp
$ */
//
NS3
...
...
@@ -217,4 +217,10 @@ zone "split-smart.example" {
file
"split-smart.example.db"
;
};
zone
"nsec3chain-test"
{
type
slave
;
file
"nsec3chain-test.bk"
;
masters
{
10
.
53
.
0
.
2
; };
};
include
"trusted.conf"
;
bin/tests/system/dnssec/tests.sh
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.8
2
2011/03/
05 19:39:06 each
Exp $
# $Id: tests.sh,v 1.8
3
2011/03/
21 01:02:39 marka
Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -1252,5 +1252,35 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check that NOTIFY is sent at the end of NSEC3 chain generation (
$n
)"
ret
=
0
(
echo
zone nsec3chain-test
echo
server 10.53.0.2 5300
grep
DNSKEY ns2/Knsec3chain-test.
*
.key |
sed
-e
's/.*://'
-e
's/^/update add /'
-e
's/IN/300 IN/'
echo
update add nsec3chain-test. 0 nsec3param 1 0 1 -
echo
send
)
|
$NSUPDATE
for
i
in
1 2 3 4 5 6 7 8 9
do
$DIG
$DIGOPTS
nsec3param nsec3chain-test @10.53.0.2
>
dig.out.ns2.test
$n
||
ret
=
1
if
grep
"ANSWER: 2,"
dig.out.ns2.test
$n
>
/dev/null
then
break
;
fi
echo
"I:sleeping ...."
sleep
3
done
;
grep
"ANSWER: 2,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:nsec3 chain generation not complete"
;
fi
sleep
3
$DIG
$DIGOPTS
+noauth +nodnssec soa nsec3chain-test @10.53.0.2
>
dig.out.ns2.test
$n
||
ret
=
1
$DIG
$DIGOPTS
+noauth +nodnssec soa nsec3chain-test @10.53.0.3
>
dig.out.ns3.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns3.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
exit
$status
lib/dns/zone.c
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.59
7
2011/03/
17 05:21:50
marka Exp $ */
/* $Id: zone.c,v 1.59
8
2011/03/
21 01:02:39
marka Exp $ */
/*! \file */
...
...
@@ -6285,6 +6285,7 @@ zone_nsec3chain(dns_zone_t *zone) {
LOCK_ZONE
(
zone
);
zone_needdump
(
zone
,
DNS_DUMP_DELAY
);
DNS_ZONE_SETFLAG
(
zone
,
DNS_ZONEFLG_NEEDNOTIFY
);
UNLOCK_ZONE
(
zone
);
done:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment